Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/bcASiS9P934Vg-sy3L8qyKyNBm4.roa
File:                     bcASiS9P934Vg-sy3L8qyKyNBm4.roa (raw, json)
Hash identifier:          JqTtwmNOJq5VvTUmveGFEDUhTx7j1UVVu5VAz13wv38=
Subject key identifier:   6D:C0:12:89:2F:4F:F7:7E:15:83:EB:32:DC:BF:2A:C8:AC:8D:06:6E
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       0194228D99EF7B0FDEA6042DE532CF5E16B7
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/bcASiS9P934Vg-sy3L8qyKyNBm4.roa
Signing time:             Wed 01 Jan 2025 15:48:12 +0000
ROA not before:           Wed 01 Jan 2025 15:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31541
IP address blocks:        212.252.204.0/24 maxlen: 24
                          212.252.205.0/24 maxlen: 24
                          212.252.206.0/24 maxlen: 24
                          212.252.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:99:ef:7b:0f:de:a6:04:2d:e5:32:cf:5e:16:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  1 15:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6dc012892f4ff77e1583eb32dcbf2ac8ac8d066e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:dc:f7:ac:45:04:ec:7c:d4:77:1c:88:57:4d:
                    0f:70:60:c9:c6:aa:80:81:06:ef:28:28:60:98:72:
                    45:e9:92:5a:76:9f:6e:bb:20:29:71:9b:93:92:d7:
                    08:28:8b:59:88:e3:1e:c4:5c:f4:60:19:54:d6:17:
                    f5:a0:1c:10:72:df:c4:32:c3:46:8d:4b:c1:40:ec:
                    b1:01:2e:f1:1c:d3:d9:b8:3c:7a:5a:1e:88:8a:f3:
                    b8:a1:63:ca:94:ad:c5:49:67:cf:90:3b:f6:94:a1:
                    47:1b:21:e7:0b:90:de:4e:99:cf:b3:87:58:48:0a:
                    f3:5b:06:d7:75:2b:b0:94:82:cf:ed:e0:4f:29:bd:
                    69:c3:1a:a5:83:97:bd:7c:35:c9:e9:04:3e:c7:ba:
                    01:4e:bd:b7:20:7c:59:a1:51:5f:24:b1:94:7a:fa:
                    70:d1:a6:d7:04:1b:de:60:2d:05:3a:3a:92:d8:01:
                    5e:c1:30:62:86:1e:bf:66:05:d2:9d:c9:0c:2f:42:
                    52:80:08:06:b0:75:93:3c:e8:29:df:3c:b7:a4:53:
                    7b:93:f0:21:a1:7d:84:eb:6f:80:21:de:3d:2a:37:
                    12:61:29:b3:23:51:57:49:40:d3:9e:61:8d:6e:8b:
                    58:5c:04:9e:3b:21:69:44:0a:63:63:4c:70:68:cc:
                    17:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:C0:12:89:2F:4F:F7:7E:15:83:EB:32:DC:BF:2A:C8:AC:8D:06:6E
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/bcASiS9P934Vg-sy3L8qyKyNBm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.252.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         38:10:65:7e:66:84:3e:7b:2e:62:5e:d3:af:b6:39:35:3c:35:
         6b:56:2a:fb:2f:79:c8:2e:91:28:e7:15:3e:a9:00:b7:84:0d:
         d4:b9:62:85:b7:a9:da:e0:0c:29:f4:b2:23:3f:77:f2:b6:33:
         44:02:7c:e3:03:68:df:d9:0d:1d:f3:89:60:52:6d:cb:bb:98:
         5e:f4:1f:75:b8:1e:5e:65:7a:5e:c4:43:4e:00:c6:dc:ed:5f:
         aa:2a:26:49:e1:f3:5d:ff:c8:38:a0:0c:b8:b9:0d:4f:21:67:
         59:80:8e:80:b7:90:ae:2c:84:42:29:c8:50:ac:79:3a:e1:7c:
         e3:09:07:a1:5c:a5:8c:ca:12:0b:f5:e8:4f:e2:04:2f:4d:93:
         07:e2:00:e4:55:49:3a:17:48:9e:66:98:48:f5:d1:a3:d8:0b:
         9d:35:7d:cc:28:b4:c9:0d:ce:d2:bd:6d:23:94:f7:4e:bf:a5:
         3e:70:59:27:4c:a4:fa:d2:53:87:0f:37:8c:df:b6:7f:ab:2d:
         03:6b:23:27:39:1a:8c:43:d1:dc:b1:28:c7:06:f0:f8:88:ba:
         18:09:0b:a5:04:60:87:50:55:32:db:ad:7b:5f:65:9e:e4:34:
         eb:84:d6:e2:16:81:9a:84:7d:1c:b1:43:30:d9:a2:5d:e8:2c:
         4e:42:aa:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijZnvew/epgQt5TLPXha3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjUwMTAxMTU0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGMwMTI4OTJmNGZmNzdlMTU4M2ViMzJkY2JmMmFjOGFjOGQwNjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Nz3rEUE7HzUdxyIV00PcGDJxqqA
gQbvKChgmHJF6ZJadp9uuyApcZuTktcIKItZiOMexFz0YBlU1hf1oBwQct/EMsNG
jUvBQOyxAS7xHNPZuDx6Wh6IivO4oWPKlK3FSWfPkDv2lKFHGyHnC5DeTpnPs4dY
SArzWwbXdSuwlILP7eBPKb1pwxqlg5e9fDXJ6QQ+x7oBTr23IHxZoVFfJLGUevpw
0abXBBveYC0FOjqS2AFewTBihh6/ZgXSnckML0JSgAgGsHWTPOgp3zy3pFN7k/Ah
oX2E62+AId49KjcSYSmzI1FXSUDTnmGNbotYXASeOyFpRApjY0xwaMwXSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG3AEokvT/d+FYPrMty/KsisjQZuMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvYmNBU2lTOVA5MzRWZy1zeTNMOHF5S3lOQm00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1PzMMA0G
CSqGSIb3DQEBCwUAA4IBAQA4EGV+ZoQ+ey5iXtOvtjk1PDVrVir7L3nILpEo5xU+
qQC3hA3UuWKFt6na4Awp9LIjP3fytjNEAnzjA2jf2Q0d84lgUm3Lu5he9B91uB5e
ZXpexENOAMbc7V+qKiZJ4fNd/8g4oAy4uQ1PIWdZgI6At5CuLIRCKchQrHk64Xzj
CQehXKWMyhIL9ehP4gQvTZMH4gDkVUk6F0ieZphI9dGj2AudNX3MKLTJDc7SvW0j
lPdOv6U+cFknTKT60lOHDzeM37Z/qy0DayMnORqMQ9HcsSjHBvD4iLoYCQulBGCH
UFUy2617X2We5DTrhNbiFoGahH0csUMw2aJd6CxOQqrB
-----END CERTIFICATE-----